Scenario: A small domestic wired LAN with two computers: my wife's laptop and my desktop, both running aptosid keres (well, actually older releases fully updated). The administrator (myself) tries to connect from his (my) computer to my wife's for administration tasks. After carefully reading the aptosid manual for ssh, man ssh, man ssh_config and man sshd_config, and having changed /etc/sshd_config on the server side (my wife's side) in this way:

# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

When the administrator gives the order, the system refuses to connect:

You need to start sshd on the other machine, before accessing it from outside:

Code:

su
/etc/init.d/ssh restart

If one of the machines involved has internet access, you should consider disallowing root login via ssh (instead become root on the other machine via su after connecting), and authenticate via self-created gpg-keys instead of a password. Also, do not ssh as root.
Greetings,
Chris

With this, a root user isn't allowed to log in; that is good for security reasons. Try another user.

To find errors, use ssh -v, ssh -vv or ssh -vvv; then ssh gives more debug messages. On the PC you want to connect to, look into the logs (dmesg, debug, auth etc.) to better understand what is going wrong.

lotman

Posted: 22.11.2010, 21:19


hefee wrote:

but you have in your config:

Code:

PermitRootLogin yes

With this, a root user isn't allowed to log in; that is good for security reasons. Try another user.

It is the other way around... So root should be able to connect. How about trying a standard-configuration to see if that works to figure out if it is a configuration-error?

Probably just a misunderstanding about 'Bind'?
It's binding the sshd, the server listening on the incoming TCP port,
so it should be the IP address of the server (her PC, 192.168.0.2).

Your PC starts ssh connection as client.

browe

Posted: 23.11.2010, 15:08


I have a similar network setup at home. I used default settings for ssh and my router is the DHCP server. In the router I reserved a specific IP for each computer so they automatically get the same IP every time they reconnect.

Double check your router and see what IP is showing up there. Regarding the bind... you might want to have the laptop listen to the router IP rather than your desktop. However, the default config for ssh should work fine in your situation... get that working first, then play with the tweaks listed above (especially what Slam mentioned about pgp keys and restricting root login).
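
An added example, not code from any poster in this thread: a small Python check over an sshd_config for the three points raised above (ListenAddress must be an address of the server itself, direct root login, password authentication). The sample config and the client address 192.168.0.1 are constructed, and Match blocks are assumed absent.

```python
import ipaddress

MULTI = {"listenaddress", "port", "hostkey"}  # keywords sshd accepts repeatedly

def parse_sshd_config(text):
    """Return {keyword: [values]}; for single-valued keywords the first one wins."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = line.split(None, 1)
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key in MULTI or key not in opts:
            opts.setdefault(key, []).append(value)
    return opts

def listen_host(value):
    """Strip an optional port: 'host', 'host:port' or '[v6addr]:port'."""
    if value.startswith("["):
        return value[1:].partition("]")[0]
    return value.split(":")[0] if value.count(":") == 1 else value

def audit(text, server_addrs):
    """List findings for a config that will run on a host owning server_addrs."""
    opts = parse_sshd_config(text)
    local = {ipaddress.ip_address(a) for a in server_addrs}
    findings = []
    for value in opts.get("listenaddress", []):
        host = listen_host(value)
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue  # a hostname; not resolved in this offline check
        if not addr.is_unspecified and addr not in local:
            findings.append(f"ListenAddress {host} is not an address of this server")
    if opts.get("permitrootlogin", [""])[0].lower() == "yes":
        findings.append("PermitRootLogin yes: root may log in directly")
    if opts.get("passwordauthentication", ["yes"])[0].lower() != "no":
        findings.append("PasswordAuthentication is not 'no': password logins accepted")
    return findings

# Constructed sample: ListenAddress holds the client's IP; PermitRootLogin is repeated.
SAMPLE = "ListenAddress 192.168.0.1\nPermitRootLogin yes\nPermitRootLogin no\nUsePAM yes\n"

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, ["192.168.0.2"])))
```

Running the same check against the distribution's unmodified sshd_config first gives a known-good baseline to compare later changes against.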